DETAILED ACTION

1. A response was received on 18 December 2007. By this response, Claim 8 has
been amended. No claims have been added or canceled. Claims 1-14 are currently 
pending in the present application. 

Response to Arguments 

2. Applicant's arguments filed 18 December 2007 have been fully considered but 
they are not persuasive. 

Claims 1-9 and 12-14 were rejected under 35 U.S.C. 102(e) as anticipated by 
McGarvey, US Patent 6643774. Claim 10 was rejected under 35 U.S.C. 103(a) as 
unpatentable over McGarvey in view of Eastlake et al, "XML-Signature Syntax and 
Processing". Claim 11 was rejected under 35 U.S.C. 103(a) as unpatentable over
McGarvey in view of Ellison et al, "SPKI Certificate Theory". 

Regarding the claims in general. Applicant broadly argues that "McGarvey fails to 
teach or suggest a client interacting with both an authorizer and a third party" (page 5 of 
the present response) but does not provide explicit arguments in support of this 
assertion. More specifically, with respect to independent Claims 1 and 9, Applicant 
argues that McGarvey does not teach or suggest "direct client-authorizer and client-third 
party communications" (page 6 of the present response) and that interactions between 
the client and private key system (corresponding to the claimed authorizer) "are 
tunneled through the server" and that "[t]here is no teaching or suggestion of bypassing
the central server" (pages 5-6 of the present response). First, in response to applicant's 
argument that the references fail to show certain features of applicant's invention, it is 
noted that the features upon which applicant relies (i.e., "direct client-third party 
communication" and "bypassing the central server") are not recited in the rejected 
claim(s). Although the claims are interpreted in light of the specification, limitations from 
the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26
USPQ2d 1057 (Fed. Cir. 1993). 

Further, although Applicant asserts that "tunneling is a term of art used to 
establish links between networks, typically in an encrypted manner, and is generally not 
used to describe connections between computing devices or processes", that tunneling 
"typically refers to a network over which computing devices or processes communicate", 
and that McGarvey's use of the term "seems to suggest that a secure network is utilized 
rather than direct client-authorizer" communications as claimed, the Examiner 
respectfully disagrees with all of these assertions. First, the Examiner notes that 
FOLDOC (the Free On-Line Dictionary Of Computing) defines tunneling as 
"Encapsulation of protocol A within protocol B, such that A treats B as though it were a 
data link layer" and goes on to note that "Tunneling is used to get data between 
administrative domains which use a protocol that is not supported by the internet 
connecting those domains"; there is nothing in the definition that explicitly describes the 
use of encryption or "secure networks" as asserted by Applicant. Additionally, it is clear 
from the context in McGarvey that the above definition of the term is not intended, but 
instead the term "tunneling" is used as a synonym for "forwarding" (see column 10, lines
13-15, where the server "forwards or tunnels" information from the client to the private
key system). McGarvey explicitly states that "the actual exchange of certificates and
credentials is between the client and the private key system" even though the
handshake is "tunneled through the server" (column 11, lines 42-46). Therefore, the
Examiner submits that the preponderance of evidence is suggestive that the actual
transmission or provision of the certificate is at base between the client and the private
key system, the latter corresponding to the claimed authorizer (see also column 11,
lines 61-66). Again, the Examiner notes that Applicant has explicitly stated that the
recitation in the claim "is not intended to say that there are no network routers, hubs,
switches, or other devices that enable computing devices to communicate over a
network" (implicitly between the client and authorizer, see page 6 of the response
received 05 July 2007). The Examiner reiterates that a server acting to perform the
tunneling or forwarding operation as described in McGarvey would be encompassed by
at least the last category. I.e., the forwarding server would be a device that enables
computing devices to communicate over a network. Therefore, the Examiner believes
that McGarvey does disclose the direct client-authorizer provision of a certificate as
claimed.

Application/Control Number: 10/022,592
Art Unit: 2137

Regarding dependent Claim 3, Applicant argues that McGarvey fails to teach or
suggest a one-time use certificate and that the cited portions of McGarvey only describe
tickets "that are good only for a short period of time" or "limit use to a certain unit of
work" (page 6 of the present response). However, Applicant does not further elaborate
on why these, especially a ticket that limits use to a "unit of work", are not seen to
suggest a one-time use certificate. In particular, the Examiner believes that although 
the term is not explicitly defined within McGarvey, from the plain meaning of the words, 
a "unit of work" could be considered to be as small as a single processing operation, 
and would certainly encompass a process that could require as little as a single 
communication session. Therefore, if there is only one session, then the certificate 
would only be used once, and therefore, this would meet the limitation of a "one-time 
use certificate" as claimed. 

Therefore, for the reasons detailed above, the Examiner maintains the rejections 
as set forth below. 



Claim Rejections - 35 USC §112 



3. Although the amendment to Claim 8 has rendered moot some of the issues of
indefiniteness described in the previous office action, it appears that other issues of
indefiniteness remain. Therefore, Claim 8 remains rejected under 35 U.S.C. 112,
second paragraph, as set forth below.

4. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention. 

5. Claim 8 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 
Claim 8 recites the limitation "not providing, by the client to the authorizer, the at
least one first certificate". This limitation appears to explicitly contradict the limitation in 
independent Claim 1 of providing the at least one first certificate by the client to the 
authorizer. This renders the claim indefinite. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 1-9 and 12-14 are rejected under 35 U.S.C. 102(e) as being anticipated 
by McGarvey, US Patent 6643774. 

In reference to Claim 1, McGarvey discloses a method including a client storing a
first certificate from an authorizer, the client storing a URI associated with the first 
certificate and a third party, the client providing a certificate and the URI to the third 
party (see column 12, lines 22-26), and the client providing the first certificate directly to 
the authorizer in response to the authorizer accessing the URI, in which the client 
retains control over the third party's use of the first certificate (see Figures 3 and 8, 
where the client 300 corresponds to the client of the present claim, the server 310 
corresponds to the third party of the present claim, and private key system 330
corresponds to the authorizer of the present claim; see also column 11, line 37-column
12, line 11, where, inter alia, the certificate is tunneled directly from the client to the
private key system, i.e. authorizer). 

In reference to Claims 2 and 3, McGarvey further discloses providing a short- 
term use certificate to the third party (column 12, lines 30-35; column 8, lines 8-13). 

In reference to Claim 4, McGarvey further discloses authenticating the authorizer 
upon accessing the URI (column 11, lines 60-61). 

In reference to Claims 5 and 6, McGarvey further discloses limiting and tracking 
the third party's use of the first certificate (column 8, lines 8-13). 

In reference to Claim 7, McGarvey further discloses that the contents of the first 
certificate are not revealed to the third party (see column 11, lines 42-46). 

In reference to Claim 8, McGarvey further discloses determining that the third 
party's ability to use the first certificate is not authorized (see column 12, lines 30-36). 

In reference to Claim 9, McGarvey discloses a method including a client 
receiving a first certificate from an authorizer, the client generating a URI associated with
the first certificate and a third party, the client providing a second certificate and the URI 
to the third party (see column 12, lines 22-26), and the client providing the first 
certificate directly to the authorizer upon the authorizer accessing the URI after the third 
party has provided the second certificate and URI to the authorizer (see Figures 3 and 
8, where the client 300 corresponds to the client of the present claim, the server 310 
corresponds to the third party of the present claim, and private key system 330
corresponds to the authorizer of the present claim; see also column 11, line 37-column
12, line 11, where, inter alia, the certificate is tunneled directly from the client to the
private key system, i.e. authorizer). 

In reference to Claim 12, McGarvey further discloses that the third party is 
granted access to a resource of the authorizer (column 8, lines 4-19). 

In reference to Claim 13, McGarvey further discloses tracking a use of the 
second certificate (column 8, lines 8-13). 

In reference to Claim 14, McGarvey further discloses that the second certificate 
can be revoked (column 8, lines 10-13; column 12, lines 30-36). 



Claim Rejections - 35 USC § 103 



8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
McGarvey in view of Eastlake et al, "XML-Signature Syntax and Processing". 

McGarvey discloses everything as applied above to Claim 9. However,
McGarvey does not explicitly disclose the use of XML signatures. Eastlake discloses
that XML signatures can be used to apply digital signatures to the content of resources
that may be external to the signature itself (page 4, section 1.0, "Introduction").
Therefore, it would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify the method of McGarvey to include the use of XML
signatures, in order to provide integrity and message or signer authentication (see
Eastlake, page 1, Abstract).

10. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over
McGarvey in view of Ellison et al, "SPKI Certificate Theory". 

McGarvey discloses everything as applied above to Claim 9. However, 
McGarvey does not explicitly disclose the use of SPKI certificates. Ellison et al disclose 
that authorization certificates can be used to delegate authorizations (page 14, section 
4, "Delegation") and that SPKI certificates can be used to define an authorization 
certificate (page 13, section 3.3, "SPKI Certificates"). Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify 
the method of McGarvey to include the use of SPKI certificates, in order to allow for 
authorizations to be delegated without needing to involve the owner of the resource 
concerned (see Ellison, page 14, section 4). 

Conclusion 



11. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure.

a. Weeks et al, US Patent 7313692, discloses a trust management system
using authorization certificates for delegation of authorization.

b. Wray, US Patent 7340601, discloses a certification system that includes
delegation using SPKI certificates. 

12. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zachary A. Davis whose telephone number is (571)272- 
3870. The examiner can normally be reached on weekdays 8:30-6:00, alternate 
Fridays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone
number for the organization where this application or proceeding is assigned is 571-
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/ZAD/ 

Examiner, Art Unit 2137 



/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2137 



